Latest News

Directors on the hook for cyber security, ASIC warns

Repelling attacks is just the start – businesses must demonstrate an ability to respond or the board will be held accountable, the regulator says.

Directors are duty-bound to ensure their company has “adequate” cyber security and the ability to recover from an attack or they could face action by ASIC, the chair of the regulator says.

Joe Longo said cyber readiness meant more than trying to engineer a bulletproof system but extended to building an ability to respond.

“Cyber preparedness is not simply a question of having impregnable systems. That’s not possible,” he said. “Instead, while preparedness must include security, it must also involve resilience, meaning the ability to respond and weather a significant cyber security incident.”

“This can only be built on thorough and comprehensive planning for significant cyber security incidents, and a clearly thought-out risk management strategy.”

Recovery plans on their own were also insufficient without regular testing and never-ending risk reassessment, including within supply chains.

Speaking at the Australian Financial Review Cyber Summit yesterday, Mr Longo said last year’s attacks against Optus and Medibank were a wake-up call but surveys showed most businesses lacked confidence in their organisation’s ability to remain resilient in a “worst-case” cyber event.

One important lesson was that relying on third-party providers always involved risk.

“None of us has control over the security of a third-party provider,” he said. “If we rely solely on the security measures those providers have in place, we leave a wide opening for a data breach if those measures are compromised.”

He said the Latitude Financial breach earlier this year originated from an outside provider and because Latitude was itself a service provider, millions more than its own customers were affected.

Initial findings from an ASIC survey still in progress revealed “that one of the weakest links in cyber preparedness is third-party suppliers, vendors, and managed service providers”.

Supply chain risks were a related issue, with almost one in two respondents saying they did not manage third-party or supply chain risk.

Mr Longo said ASIC had uncovered disconnects in the way various parts of a business handled the digital risks between:

  • Boards’ oversight of cyber risk.
  • Management reporting of cyber risk to boards.
  • Management identification and remediation of cyber risk.
  • Cyber risk assessments.
  • How cyber risk controls are implemented.

“This disconnect must be addressed,” he said. “Cyber security and resilience are not merely technical matters on the fringes of directors’ duties. ASIC expects directors to ensure their organisation’s risk management framework adequately addresses cyber security risk, and that controls are implemented to protect key assets and enhance cyber resilience.”

“Failing to do so could mean failing to meet your regulatory obligations.”

“Measures taken should be proportionate to the nature, scale and complexity of your organisation – and the criticality and sensitivity of the key assets held. This includes reassessment of cyber security risks on an ongoing basis, based on threat intelligence and vulnerability identification.”

“For all boards, cyber security and cyber resilience have got to be top priorities.

“If boards do not give cyber security and cyber resilience sufficient priority, this creates a foreseeable risk of harm to the company and thereby exposes the directors to potential enforcement action by ASIC based on the directors not acting with reasonable care and diligence.”

He said boards and directors also had to consider how they would communicate with customers, regulators, and the market when things went wrong.

“Do they have a clear and comprehensive response and recovery plan? Has it been tested?

“How will the company detect if the system has been broken, or exploited? History shows that even robust defence systems can be circumvented, and resilience demands you be prepared for that possibility.”

He said two points needed to be emphasised: there was a need to act now, and third-party suppliers were a “clear vulnerability”.

“If you’re not evaluating your third-party cyber security risk, you’re deceiving yourself. And recent events show that you will suffer for it.”

“Don’t put yourself in that position.”

Philip King
19 September 2023
accountantsdaily.com.au

 
